From 10abd7908536e6eeb31ac31d4f6df487b66d8cb7 Mon Sep 17 00:00:00 2001 From: Jaimos Skriletz Date: Mon, 9 Dec 2024 18:59:28 -0700 Subject: [PATCH] Add warning when view open test of user and can submit answers. Viewing an open gateway test while acting as a student with the permission to submit answers for that student is dangerous since the user's answers will be saved over the student's answers. In this case, give a warning to the user about the danger and suggest they disable the permission to submit answers as students before viewing the open test version, unless they plan to submit answers for that student. The warning will only appear when they first view the test version unless they back out of the test version loosing the hidden `submit_for_student_ok` parameter. --- lib/WeBWorK/ContentGenerator/GatewayQuiz.pm | 24 +++++++++-- .../ContentGenerator/GatewayQuiz.html.ep | 41 +++++++++++-------- 2 files changed, 45 insertions(+), 20 deletions(-) diff --git a/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm b/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm index 1f562e0ade..6a007a388b 100644 --- a/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm +++ b/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm @@ -545,7 +545,7 @@ async sub pre_header_initialize ($c) { $authz->hasPermissions($userID, 'record_answers_when_acting_as_student') || $authz->hasPermissions($userID, 'create_new_set_version_when_acting_as_student') ) - && $c->param('createnew_ok') + && $c->param('submit_for_student_ok') ) ) ) @@ -618,7 +618,8 @@ async sub pre_header_initialize ($c) { . 'the "Create New Test Version" button below. Alternatively, click "Cancel".', $effectiveUserID ); - $c->{invalidVersionCreation} = 1; + $c->{invalidVersionCreation} = 1; + $c->{confirmSubmitForStudent} = 1; } elsif ($effectiveUserID ne $userID) { $c->{invalidSet} = $c->maketext( @@ -626,7 +627,7 @@ async sub pre_header_initialize ($c) { . 'when acting as another user.', $effectiveUserID ); - $c->{invalidVersionCreation} = 2; + $c->{invalidVersionCreation} = 1; } elsif (($maxAttemptsPerVersion == 0 || $currentNumAttempts < $maxAttemptsPerVersion) && $c->submitTime < $set->due_date() + $ce->{gatewayGracePeriod}) @@ -659,6 +660,23 @@ async sub pre_header_initialize ($c) { { if (between($set->open_date(), $set->due_date() + $ce->{gatewayGracePeriod}, $c->submitTime)) { $versionIsOpen = 1; + + # If acting as another user, then the user has permissions to record answers for the + # student which is dangerous for open test versions. Give a warning unless the user + # has already confirmed they understand the risk. + if ($effectiveUserID ne $userID && !$c->param('submit_for_student_ok')) { + $c->{invalidSet} = $c->maketext( + 'You are trying to view an open test version for [_1] and have the permission to submit ' + . 'answers for that user. This is dangerous, as your answers can overwrite the ' + . q/student's answers as you move between test pages, preview, or check answers. / + . 'If you are planing to submit answers for this student, click "View Test Version" ' + . 'below to continue. If you only want to view the test version, click "Cancel" ' + . 'below, then disable the permission to record answers when acting as a student ' + . 'before viewing open test versions.', + $effectiveUserID + ); + $c->{confirmSubmitForStudent} = 1; + } } } } diff --git a/templates/ContentGenerator/GatewayQuiz.html.ep b/templates/ContentGenerator/GatewayQuiz.html.ep index ed2ed65079..fcaaaf38f2 100644 --- a/templates/ContentGenerator/GatewayQuiz.html.ep +++ b/templates/ContentGenerator/GatewayQuiz.html.ep @@ -68,30 +68,33 @@ % # If the set or problem is invalid, then show that information and exit. % if ($c->{invalidSet}) {
-
- % if ($c->{invalidVersionCreation}) { - <%= maketext( - 'The selected test ([_1]) is not a valid test for [_2] (acted as by [_3]).', - $setID, $effectiveUserID, $userID - ) =%> - % } else { - <%= maketext( - 'The selected test ([_1]) is not a valid test for [_2].', - $setID, $effectiveUserID - ) =%> - % } -
+ % if (!$c->{confirmSubmitForStudent} || $c->{invalidVersionCreation}) { +
+ % if ($c->{invalidVersionCreation}) { + <%= maketext( + 'The selected test ([_1]) is not a valid test for [_2] (acted as by [_3]).', + $setID, $effectiveUserID, $userID + ) =%> + % } else { + <%= maketext( + 'The selected test ([_1]) is not a valid test for [_2].', + $setID, $effectiveUserID + ) =%> + % } +
+ % }
<%= $c->{invalidSet} %>
- % if ($c->{invalidVersionCreation} && $c->{invalidVersionCreation} == 1) { + % if ($c->{confirmSubmitForStudent}) {
- <%= link_to maketext('Create New Test Version') => $c->systemLink( + <%= link_to $c->{invalidVersionCreation} + ? maketext('Create New Test Version') : maketext('View Test Version') => $c->systemLink( url_for, - params => { effectiveUser => $effectiveUserID, user => $userID, createnew_ok => 1 } + params => { effectiveUser => $effectiveUserID, user => $userID, submit_for_student_ok => 1 } ), class => 'btn btn-primary' =%> <%= link_to maketext('Cancel') => $c->systemLink( - url_for('problem_list', setID => $setID), + url_for('problem_list', setID => $setID =~ s/,v\d+$//r), params => { effectiveUser => $effectiveUserID, user => $userID } ), class => 'btn btn-primary' @@ -410,6 +413,10 @@ <%= hidden_field newPage => '' =%> <%= hidden_field currentPage => $pageNumber =%> % } + % # Keep track that a user has confirmed it is okay to submit for a student. + % if (param('submit_for_student_ok')) { + <%= hidden_field submit_for_student_ok => 1 =%> + % } % % # Set up links between problems and, for multi-page tests, pages. % for my $i (0 .. $#$pg_results) {